Main Vulnerability Database Vulnerabilities #VU25127

Cleartext storage of sensitive information in Mozilla Thunderbird - CVE-2020-6794

Published: February 11, 2020

Vulnerability identifier: #VU25127

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-6794

CWE-ID: CWE-312

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Thunderbird

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to an error password management functionality when working with master password that was updated after Thunderbird 60 release. The old password is still available unencrypted on the system, as Thunderbird did not delete the old password file after update.

How to mitigate CVE-2020-6794

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/

Cleartext storage of sensitive information in Mozilla Thunderbird - CVE-2020-6794

Detailed vulnerability description

How to mitigate CVE-2020-6794

Sources

Please verify you're human